Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2021
Ran by tc-electrical (25-05-2021 13:38:56) Run:4
Running from C:\Users\tc-electrical\Desktop\ja\New folder
Loaded Profiles: admin & tc-electrical & stenmar & tc-admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
.HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\stenmar\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\tc-electrical\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-615164164-2078643864-492831376-16164\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-615164164-2078643864-492831376-19557\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {8D172A31-2251-472A-98B7-F386FFC5C2AE} - System32\Tasks\{66E3DB07-80D2-4DF1-93F8-84389944C336} => C:\windows\system32\pcalua.exe -a F:\autorun.exe -d F:\
HKU\S-1-5-21-615164164-2078643864-492831376-16164\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-615164164-2078643864-492831376-19557\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-615164164-2078643864-492831376-16164 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-615164164-2078643864-492831376-16164 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-615164164-2078643864-492831376-19557 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-615164164-2078643864-492831376-19557 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.exe" -r [X]
S2 avpsus; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avpsus.exe" [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
U3 ayevlglr; C:\Windows\System32\Drivers\ayevlglr.sys [0 0000-00-00] (QLogic Corporation) <==== ATTENTION (zero byte File/Folder)
U1 aswbdisk; no ImagePath
U3 aswblog; no ImagePath
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\." => not found
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\windows\system32\GroupPolicy\User => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
C:\Users\stenmar\NTUSER.pol => moved successfully
C:\Users\tc-electrical\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-615164164-2078643864-492831376-16164\SOFTWARE\Policies\Microsoft\Edge => removed successfully
HKU\S-1-5-21-615164164-2078643864-492831376-19557\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D172A31-2251-472A-98B7-F386FFC5C2AE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D172A31-2251-472A-98B7-F386FFC5C2AE}" => removed successfully
C:\windows\System32\Tasks\{66E3DB07-80D2-4DF1-93F8-84389944C336} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{66E3DB07-80D2-4DF1-93F8-84389944C336}" => removed successfully
HKU\S-1-5-21-615164164-2078643864-492831376-16164\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-615164164-2078643864-492831376-19557\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\S-1-5-21-615164164-2078643864-492831376-16164\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-615164164-2078643864-492831376-16164\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKU\S-1-5-21-615164164-2078643864-492831376-19557\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-615164164-2078643864-492831376-19557\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\System\CurrentControlSet\Services\AVP => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avpsus => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\HPSupportSolutionsFrameworkService => removed successfully
HPSupportSolutionsFrameworkService => service removed successfully
HKLM\System\CurrentControlSet\Services\ayevlglr => removed successfully
ayevlglr => service removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswblog => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\MBAMChameleon => removed successfully
MBAMChameleon => service removed successfully

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

wevtutil.exe : Failed to clear log AirSpaceChannel. The requested operation can
not be performed over an enabled direct channel. The channel must first be disa
bled before performing the requested operation.
At C:\FRST\tmp.ps1:1 char:39
+ wevtutil el | Foreach-Object {wevtutil <<<< cl "$_"}
+ CategoryInfo : NotSpecified: (Failed to clear...sted operation. :String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
wevtutil.exe : Failed to clear log Microsoft-RMS-MSIPC/Debug. The requested ope
ration cannot be performed over an enabled direct channel. The channel must fir
st be disabled before performing the requested operation.
At C:\FRST\tmp.ps1:1 char:39
+ wevtutil el | Foreach-Object {wevtutil <<<< cl "$_"}
+ CategoryInfo : NotSpecified: (Failed to clear...sted operation. :String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

========= End of Powershell: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10878973 B
Java, Flash, Steam htmlcache => 1196 B
Windows/system/drivers => 942837 B
Edge => 0 B
Chrome => 7201872 B
Firefox => 26145822 B
Opera => 6491829 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 83462 B
LocalService => 83462 B
NetworkService => 83590 B
admin => 2605001 B
tc-electrical => 511676431 B
stenmar => 2164602388 B
tc-admin => 2164651835 B

RecycleBin => 11282723 B
EmptyTemp: => 4.6 GB temporary data Removed.

================================